Multiple vulnerabilities have been identified in AOL, which could be exploited by attackers to take complete control of an affected system.
The first issue is due to a buffer overflow error in the YGPPDownload ActiveX control when processing malformed arguments passed to the "AddPictureNoAlbum()" method, which could be exploited by remote attackers to execute arbitrary commands via a specially crafted web page.
The second vulnerability is due to a buffer overflow error in the YGPPDownload ActiveX control when processing a malformed "downloadFileDirectory" property, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a malicious web page.
Affected Products
AOL version 9.0 and prior
AOL version 9.0 (Security Edition) and prior
Solution
Log in to the AOL service to apply patches automatically:
http://free.aol.com/downloadaol